Top

Wapto documentation

Payment Gateways

Welcome to WAPTO!

Get an AI summary of this page
ChatGPT Gemini Grok Perplexity

Overview

The **Payment Gateways** module is the financial foundation of your Wapto instance. It enables administrators to securely integrate and manage industry-leading payment providers—**Stripe, Razorpay, and PayPal**—to process subscription billings and transactional payments in real-time.

By centralizing credential management, this feature ensures that all financial interactions are encrypted, compliant with global standards (PCI DSS), and scalable as your user base expands. Selecting a provider dynamically loads its specific technical requirements, allowing for a streamlined setup process.

Navigation & Selection

Navigate to System SettingsPayment Gateways in the admin sidebar.
Select your preferred Payment Provider from the top toggle bar.
Enable the Enable Payment Gateway toggle to activate the provider for your application.

Only enabled gateways with valid API credentials will process live transactions.

Stripe Setup Protocol

Technical Credentials
  • Publishable Key: Publicly accessible key for client-side tokenization.
  • Secret Key: Highly sensitive key for server-side charge authorization.
Retrieval Steps

1. Log in to your Stripe Dashboard.
2. Navigate to DevelopersAPI Keys.
3. Copy the keys (`pk_...` and `sk_...`) and paste them into Wapto.

Razorpay Setup Protocol

Technical Credentials
  • Key ID: Unique identifier for your Razorpay account.
  • Key Secret: Secure authentication secret.
  • Webhook Secret: (Recommended) Used to validate incoming webhook events from Razorpay.
Retrieval Steps

1. Log in to Razorpay Dashboard.
2. Navigate to SettingsAPI Keys.
3. Generate a new key pair if existing ones are lost.

PayPal Setup Protocol

Technical Credentials
  • Client ID: Unique application ID from the PayPal Developer Portal.
  • Secret Key: Secure application secret.
  • Environment Mode: Choose between Sandbox (Testing) or Live processing.
Retrieval Steps

1. Go to PayPal Developer Dashboard.
2. Navigate to My Apps & CredentialsCreate App.
3. Copy the REST API credentials.

Gateway Best Practices
  • Credential Secrecy: Never expose Secret Keys in forums or documentation.
  • Sandbox Testing: Always perform a $0.00 transaction in Sandbox before going Live.
  • Webhook Validation: Enable Webhook Secrets for Razorpay to prevent spoofing attacks.
  • Periodic Rotation: Update API keys every 12 months for additional security.
Common Failure Matrix
Transaction Declined Check if the gateway is in 'Sandbox' mode while using 'Live' cards.
Webhook Error Verify the Webhook Secret matches exactly with the provider's dashboard.
Client ID Mismatch Ensure there are no leading/trailing spaces when pasting API keys.